FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 197751
This article describes how to verify the MAC addresses assigned to FortiGate interfaces.

Note 1: In the following examples, two MAC addresses are used:

- Current_HWaddr: this is current hardware address of the interface and the one seen in the network.  This address can be changed from the CLI when the FortiGate is running standalone mode.
- Permanent_HWaddr: The MAC address programmed by the NIC manufacturer for the Vendor ; also called burnt-in MAC address. This address cannot be changed.

By default, the Current_HWaddr is the same as the Permanent_HWaddr.
When configuring HA mode active-active or active-passive, all interfaces MAC addresses are modified with the corresponding virtual mac address (based on vdom id, port, ha group)

Note 2: How to change a MAC address of a physical interface ( standalone mode only) :

config system interface
edit "port1"
set macaddr 00:01:02:03:04:05

1.  The following commands display the current and permanent hardware addresses for a standalone FortiGate.
a. Used without any option, the command below will list all interfaces available:

FGT400-8 # diagnose hardware deviceinfo nic
usage: diagnose hardware deviceinfo nic <nic name>
The following NICs are available:

b. Used with the interface name, the command will give the MAC address information:

FGT400-8 # diagnose hardware deviceinfo nic port1

System_Device_Name port1
Current_HWaddr 00:09:0F:85:AD:8B
Permanent_HWaddr 00:09:0F:85:AD:8B

2.   During HA operation, the current hardware address becomes the HA Virtual MAC address as shown below for a FortiGate in a cluster.
FGT400-8 # diagnose hardware deviceinfo nic port1
System_Device_Name port1
Current_HWaddr 00:09:0F:09:00:00
Permanent_HWaddr 00:09:0F:85:AD:8B
For more information about how the HA Virtual MAC is built, please consult the related article at the end of this page.

Related Articles

Technical Tip: HA Cluster virtual MAC addresses